From ebfbf195d459b83d5f2e96a8663c953087f3eb0f Mon Sep 17 00:00:00 2001 From: Aurelien Jarno Date: Mon, 11 Dec 2023 22:07:17 +0100 Subject: [PATCH] tests/set_option: Avoid use-after-free in case of test failure In case num_devices equals 0, LIBUSB_EXPECT() calls LIBUSB_TEST_CLEAN_EXIT(), which calls libusb_exit() on test_ctx which has just been freed a few lines above by a call to libusb_exit(). This might cause a SEGFAULT or SIGBUS depending on the system. Fixes that by assigning NULL to test_ctx just after calling libusb_exit() like it is done elsewhere in the file. Closes #1374 --- libusb/version_nano.h | 2 +- tests/set_option.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/libusb/version_nano.h b/libusb/version_nano.h index 7dc487b..3dfc13c 100644 --- a/libusb/version_nano.h +++ b/libusb/version_nano.h @@ -1 +1 @@ -#define LIBUSB_NANO 11848 +#define LIBUSB_NANO 11849 diff --git a/tests/set_option.c b/tests/set_option.c index c983378..20c55eb 100644 --- a/tests/set_option.c +++ b/tests/set_option.c @@ -174,6 +174,7 @@ static libusb_testlib_result test_no_discovery(void) ssize_t num_devices = libusb_get_device_list(test_ctx, &device_list); libusb_free_device_list(device_list, /*unref_devices=*/1); libusb_exit(test_ctx); + test_ctx = NULL; LIBUSB_EXPECT(>, num_devices, 0);